book
Checkout our new book! Hands on AI Trading with Python, QuantConnect, and AWS Learn More arrow

API Reference

Authentication

Introduction

You can make authenticated REST requests to the QuantConnect API with your User Id and API Token. You can use the authentication endpoint described in this page to verify it is working correctly.

The base URL of QuantConnect API is https://www.quantconnect.com/api/v2.

Follow these steps to request an API token:

  1. Log in to your account.
  2. In the top navigation bar, click yourUsername > My Account.
  3. On your Account page, in the Security section, click Request Email With Token and Your User-Id for API Requests.
  4. Click OK.

We email you your user Id and API token.

To get the organization Id, open Organization > Home and check the URL. For example, the organization Id of https://www.quantconnect.com/organization/5cad178b20a1d52567b534553413b691 is 5cad178b20a1d52567b534553413b691.

Authenticating Requests

Requests to QuantConnect API v2 require a hashed combination of time, and the API token. The unixtime stamp combination serves as a nonce token as each request is sent with a different signature but never requires sending the API token itself.

Hashing

Follow the below example to create a hashed token for authentication.

// Generate a timestamped SHA-256 hashed API token for secure authentication
#r "nuget:RestSharp"
using System;
using System.Security.Cryptography;
using RestSharp;

// Request your API token on https://www.quantconnect.com/settings/ and replace the below values.
var yourUserId = 0;
var yourApiToken = "_____";

// Get timestamp
var stamp = ((DateTimeOffset)DateTime.UtcNow).ToUnixTimeSeconds();
var timeStampedToken = $"{<yourApiToken>}:{stamp}";

// Get hashed API token
var crypt = new SHA256Managed();
var hashToken = crypt.ComputeHash(Encoding.UTF8.GetBytes(timeStampedToken), 0, Encoding.UTF8.GetByteCount(timeStampedToken));
var hash = new StringBuilder();
foreach (var theByte in hashToken)
{
    hash.Append(theByte.ToString("x2"));
}
var apiToken = hash.ToString();

# Generate a timestamped SHA-256 hashed API token for secure authentication
from base64 import b64encode
from hashlib import sha256
from time import time

# Request your API token on https://www.quantconnect.com/settings/ and replace the below values.
USER_ID = 0
API_TOKEN = '_____'

def get_headers():
    # Get timestamp
    timestamp = f'{int(time())}'
    time_stamped_token = f'{API_TOKEN}:{timestamp}'.encode('utf-8')

    # Get hased API token
    hashed_token = sha256(time_stamped_token).hexdigest()
    authentication = f'{USER_ID}:{hashed_token}'.encode('utf-8')
    authentication = b64encode(authentication).decode('ascii')

    # Create headers dictionary.
    return {
        'Authorization': f'Basic {authentication}',
        'Timestamp': timestamp
    }

Make API Request

Follow the below example to install the hashing into the authenticator and make an API request.

Follow the below example to install the hashing into the headings and make an API request.

// Create REST client and install authenticator.
var client = new RestClient("<requestUrl>");
client.Authenticator = new HttpBasicAuthenticator(
    "<yourUserId>",
    hash.ToString()
);

// Create Request and add timestamp header (optional: Json Content).
var request = new RestRequest();
request.AddHeader("Timestamp", stamp.ToString());

// Make POST request.
var response = await client.PostAsync(request);
var content = response.Content
# Create POST Request with headers (optional: Json Content as data argument).
from requests import post
BASE_URL = 'https://www.quantconnect.com/api/v2/'

response = post(f'{BASE_URL}/<request_url>',
                headers = get_headers(),
                data = {}, 
                json = {})    # Some request requires json param (must remove the data param in this case)
content = response.text

Authenticated State Request

Authentication status check endpoint to verify the hashing function is working successfully. The /authenticate API does not require any information, but just an authenticated hash in the header.

Authenticated State Responses

The /authenticate API provides a response in the following format:

200 Success

RestResponse Model - Base API response class for the QuantConnect API.
success boolean
Indicate if the API request was successful.
Example 
{
  "success": true
}

401 Authentication Error

UnauthorizedError Model - Unauthorized response from the API. Key is missing, invalid, or timestamp is too old for hash.
www_authenticate string
Header

You can also see our Videos. You can also get in touch with us via Discord.

Did you find this page helpful?

Contribute to the documentation: